<?php
/*****************************************************************************\
+-----------------------------------------------------------------------------+
| X-Cart                                                                      |
| Copyright (c) 2001-2007 Ruslan R. Fazliev <rrf@rrf.ru>                      |
| All rights reserved.                                                        |
+-----------------------------------------------------------------------------+
| PLEASE READ  THE FULL TEXT OF SOFTWARE LICENSE AGREEMENT IN THE "COPYRIGHT" |
| FILE PROVIDED WITH THIS DISTRIBUTION. THE AGREEMENT TEXT IS ALSO AVAILABLE  |
| AT THE FOLLOWING URL: http://www.x-cart.com/license.php                     |
|                                                                             |
| THIS  AGREEMENT  EXPRESSES  THE  TERMS  AND CONDITIONS ON WHICH YOU MAY USE |
| THIS SOFTWARE   PROGRAM   AND  ASSOCIATED  DOCUMENTATION   THAT  RUSLAN  R. |
| FAZLIEV (hereinafter  referred to as "THE AUTHOR") IS FURNISHING  OR MAKING |
| AVAILABLE TO YOU WITH  THIS  AGREEMENT  (COLLECTIVELY,  THE  "SOFTWARE").   |
| PLEASE   REVIEW   THE  TERMS  AND   CONDITIONS  OF  THIS  LICENSE AGREEMENT |
| CAREFULLY   BEFORE   INSTALLING   OR  USING  THE  SOFTWARE.  BY INSTALLING, |
| COPYING   OR   OTHERWISE   USING   THE   SOFTWARE,  YOU  AND  YOUR  COMPANY |
| (COLLECTIVELY,  "YOU")  ARE  ACCEPTING  AND AGREEING  TO  THE TERMS OF THIS |
| LICENSE   AGREEMENT.   IF  YOU    ARE  NOT  WILLING   TO  BE  BOUND BY THIS |
| AGREEMENT, DO  NOT INSTALL OR USE THE SOFTWARE.  VARIOUS   COPYRIGHTS   AND |
| OTHER   INTELLECTUAL   PROPERTY   RIGHTS    PROTECT   THE   SOFTWARE.  THIS |
| AGREEMENT IS A LICENSE AGREEMENT THAT GIVES  YOU  LIMITED  RIGHTS   TO  USE |
| THE  SOFTWARE   AND  NOT  AN  AGREEMENT  FOR SALE OR FOR  TRANSFER OF TITLE.|
| THE AUTHOR RETAINS ALL RIGHTS NOT EXPRESSLY GRANTED BY THIS AGREEMENT.      |
|                                                                             |
| The Initial Developer of the Original Code is Ruslan R. Fazliev             |
| Portions created by Ruslan R. Fazliev are Copyright (C) 2001-2007           |
| Ruslan R. Fazliev. All Rights Reserved.                                     |
+-----------------------------------------------------------------------------+
\*****************************************************************************/

#
# $Id: cc_webcraft.func.php,v 1.1.2.5 2007/08/30 09:49:40 zaa Exp $
#

if ( !defined('XCART_START') ) { header("Location: ../"); die("Access denied"); }

function func_cc_webcraft_verify($md, $return_url) {
	global $module_params, $secure_oid, $userinfo, $cart, $bill_name;

	$request_account = $module_params["param03"];
	$request_login = $module_params["param01"];
	$request_password = $module_params["param02"];
	$request_prefix = $module_params["param09"];

	$post = array();
	$post[] = "ACCOUNT=". $request_account;
	$post[] = "USERNAME=". $request_login;
	$post[] = "PASSWORD=". $request_password;
	$post[] = "TYPE=300"; # 3-D Secure Sale Transaction (TYPE=300)
	$post[] = "CARDNO=" . $userinfo["card_number"];
	$post[] = "CVV2=" . $userinfo["card_cvv2"];
	$post[] = "EXPIRY=" . substr($userinfo["card_expire"],2,2) . substr($userinfo["card_expire"],0,2);
	$post[] = "AMOUNT=" . $cart["total_cost"] * 100;
	$post[] = "ORDERNO=" . $request_prefix . join("-", $secure_oid);

	$url = $module_params['testmode'] == 'Y' ? "https://psp.stg.transactium.com:443/merchantservices/gateway/process.aspx" : "https://psp.transactium.com:443/merchantservices/gateway/process.aspx";
	list($a, $return) = func_https_request("POST", $url, $post);

	$response_array = array();

	# Check that we got valid response and parse it.
	if (!empty($return) && strpos($return, "ERROR") !== false) {
		parse_str($return, $response_array);
	}

	$r = array();

	if (empty($response_array)) {
		$r['error'] = -1;
		$r['error_msg'] = "Failed to receive response from Transactium system. Response: " . $return;
	} else {
		$r['data'] = $response_array;
		if (!empty($response_array) && isset($response_array['3DSECUREENROLLED']) && $response_array['3DSECUREENROLLED'] == 'Yes') {
			$r['form_url'] = base64_decode($response_array['REDIRECTURL']);
			$r['form_data'] = array();
			$r['form_data']['PaReq'] = str_replace(" ", "+", $response_array['PAREQ']);
			$r['form_data']['MD'] = $md;
			$r['form_data']['TermUrl'] = $return_url;
			$r['service_data'] = array("ATTEMPTID" => $response_array['ATTEMPTID']); # ATTEMPTID will be used in validation function.
		}
	}

	return $r;
}

function func_cc_webcraft_validate() {
	global $HTTP_GET_VARS, $HTTP_POST_VARS, $data, $module_params;

	$request_account = $module_params["param03"];
	$request_login = $module_params["param01"];
	$request_password = $module_params["param02"];
	$request_prefix = $module_params["param09"];

	$post = array();
	$post[] = "USERNAME=". $request_login;
	$post[] = "PASSWORD=". $request_password;
	$post[] = "TYPE=310"; # 3-D Secure Finalisation (TYPE=310)
	$post[] = "ATTEMPTID=" . $data['service_data']['ATTEMPTID']; # get ATTEMPTID that was stored during verification stage.
	$post[] = "PARES=" . $HTTP_POST_VARS['PaRes'];

	$url = $module_params['testmode'] == 'Y' ? "https://psp.stg.transactium.com:443/merchantservices/gateway/process.aspx" : "https://psp.transactium.com:443/merchantservices/gateway/process.aspx";
	list($a, $return) = func_https_request("POST", $url, $post);

	$response_array = array();

	# Check that we got valid response and parse it.
	if (!empty($return) && strpos($return, "ERROR") !== false) {
		parse_str($return, $response_array);
	}

	$r = array();

	if (empty($response_array)) {
		$r['error'] = -2;
		$r['error_msg'] = "Failed to receive response from Transactium system. Response: " . $return;
	} else {
		$r['data'] = $response_array;
	}

	return $r;
}

?>
